Win32/Bacalid [Threat Name] go to Threat

Win32/Bacalid [Threat Variant Name]

Category virus
Short description

Win32/Bacalid is a polymorphic file infector.

Executable file infection

When executed, the virus drops one of the following files in the %temp% folder:

  • vcab.dll
  • vgod.dll

Size of the file is approximately 30 kB .


The library is loaded and injected in all processes.


The virus checks for code page used on the system.


If it is set to 936 (Simplified Chinese) , the virus quits and hands control over to the host executable.


In order to ensure that only one instance of the virus is running, it creates a Event object. Its name is one of the following:

  • WINGOOD
  • WINXPGOD

The virus infects executables accesed by Explorer.exe . It also infects files found on local and network drives.

Other information

The virus contains a list of URLs.


It tries to download several files from the addresses.


The files are then executed.

Please enable Javascript to ensure correct displaying of this content and refresh this page.